Account Takeover via Broken Authentication Workflow: Free Lifetime Streaming!
Plug Security Holes in React Apps That Can Lead to API Exploitation
Full Disclosure: A Look at a Recently Patched Microsoft Graph Logging Bypass - GraphNinja
Securing our home labs: Frigate code review
Storing Passwords - A Journey Of Common Pitfalls
Vulnerability Spotlight: CVE-2023-0264
User impersonation via stolen UUID code in KeyCloak (CVE-2023-0264)
Improper Authentication in Android App
Dodging OAuth origin restrictions for Firebase spelunking
ASP.NET Boilerplate Multiple Vulnerabilities
SecStory: How I Found Multiple P1 Vulnerabilities without Recon
Exploiting Authentication in AWS IAM Authenticator for Kubernetes
Bug Bounty Adventures: A NodeBB 0-day
Flickr Account Takeover
How I accidentally hacked many companies using N/A vulnerability in Atlassian Cloud
Full account takeover through referral code.
Agent 007: Pre-Auth Takeover of Build Pipelines in GoCD
Bypassing 2FA using OpenID Misconfiguration
Shopify Multipass Misconfiguration
Oculus SSO “Account Linking” bug leads to account takeover on third party websites and inside VR Games/Apps
Auth Issues
Account Takeover - Smoking with ‘null’
Duplicate Registration - The Twinning Twins
Microsoft Remote Desktop Web Access Authentication Timing Attack
Weird functionality leads to Account Takeover (Millions of Users affected)